redirect doesn't seem to work?
Robert P. J. Day
Sat, 9 Nov 2002 08:16:20 -0500 (EST)
On 4 Nov 2002, Ben Russo wrote:
> Have a UNIX server. User wants to write programs to receive SNMPTraps.
> I *thought* I could redirect incomming traffic to port 162 to a high
> port, (like 4162) where the user could have his programs receive the
> messages with no special privelages?
> Anyway, a completely normal box, no special firewalling rules....
> The only rule I create is:
> iptables -t nat -A POSTROUTING -p udp -m udp --dport 162 -j REDIRECT
> --to-ports 4162
> Now, the user starts his program that binds to udp port 4162 ( I can see
> it with "netstat -nap" ) but he doesn't see any packets coming in.
> I run tcpdump -n | grep snmptrap and I see packets coming from the
> network to the server on udp port 162, and the server sending back icmp
> unreachable packets back to the sources??
> Why doesn't the redirect work?
don't you want that to be a PREROUTING rule, not POSTROUTING?
rday (who now knows just enough to possibly give really bad advice :-)